RSA Innovation Sandbox winners: One year later

All 10 security companies from last year’s Innovation Sandbox benefit from RSA bounce


With the annual RSA security conference just around the corner, we decided to touch base with the 10 companies selected as finalists in last year’s Innovation Sandbox competition and see how they’re making out.

The RSA Conference had 88 submissions for Innovation Sandbox slots last year and the field was whittled down to Bastille Networks, Illusive Networks, Menlo Security, Phantom Cyber, Prevoty, ProtectWise, SafeBreach, Skyport, Vera and Versa Networks. In last year’s competition, each vendor pitched their product to a panel of judges, as well as a packed house of attendees at the Moscone Center in San Francisco. Phantom Networks was selected as the overall winner.

Of the 10 startups, one might expect a couple to be acquired and maybe one or two to go belly up, but in fact all 10 have attracted new funding, won new customers and delivered new products. Here are the updates:


WHO THEY ARE: Atlanta-based Bastille is led by industry veterans CEO Chris Risley (this is his ninth VC-backed startup) and Mike Engle (vice president of business development).

WHAT THEY DO: Bastille claims to be the first company to protect networks against threats from the Internet of Things. Bastille’s flagship solution, Bastille Enterprise, provides full visibility into the Internet of Radios inside an enterprise’s corporate airspace. Bastille Enterprise uses a combination of ceiling-mounted sensors and an advanced analytics platform to sense, identify and localize radio-based security threats within the enterprise. Bastille has 14 patents approved and pending which apply machine learning techniques and advanced radio signal processing. The ability to recognize and localize potential threats enables security teams to take swift action and preemptively remove those threats before harm is done.

WHAT’S HAPPENED OVER THE PAST YEAR: According to Risley, “2016 was a tremendous year for Bastille. Building upon the momentum of our MouseJack (mouse hijacking exploit) discovery and successful RSA, Bastille secured several key wins.

“In terms of growth, Bastille opened offices in San Francisco, Santa Cruz (Calif.) and in New York. In July 2016, our research team unveiled KeySniffer, a massive security flaw in wireless keyboards that put millions of enterprises at risk of being breached. In October of 2016, we introduced Bastille Enterprise, the first complete security solution to help protect enterprises from this new breed of radio-based threats. Bastille Enterprise has since been deployed in some of the world’s largest organizations, including Cylance.”

AWARDS: 2016 Golden Bridge Award, a 2016 Red Herring “Top 100 North America” award, and a 2016 American Business Award. Bastille was also named a 2016 Gartner “Cool Vendor” and selected as one of Network Computing’s “10 Innovative Network Security Startups”, CRN’s “10 Coolest Startups of 2016”, and Cyber Defense Magazine’s “Best Wireless Security Solution” for 2016.

WHAT THE ANALYSTS ARE SAYING: “When the company presented at RSA in 2016, its sensors represented the initial implementation of Bastille’s technology and were not yet generally available, but by the end of last year Bastille’s product was production-ready. Bastille is still designing its own hardware because, according to the company, there aren’t any sensors on the market that give it the data it needs. These sensors passively detect and analyze radio frequencies from 60MHz to 6GHz which, according to Bastille, covers the full spectrum of devices that could be found in an enterprise. Given all of this data, Bastille is able to do some very innovative analysis, including behavioral analysis of communications to determine whether a particular device is beaconing outside of the building, and an approach to localization that accurately portrays a device’s location within one meter,” according to Scott Crawford, Research Director, Information Security, 451 Research and Patrick Daly, Senior Research Associate, 451 Research.

They add, “Among Bastille’s more provocative capabilities is what it calls an ‘RF persona’, which makes use of Bayesian device fingerprinting and probabilistic graph models to associate specific devices with specific people. As a result, Bastille’s customers are able to track individuals throughout their physical space based on the radio frequencies of the devices they carry with them every day, such as a smart phone, an access card with an RFID chip, a Bluetooth headset, or a fitness tracker. These specific device identities can be associated with an individual’s identity, which enables customers to receive alerts if the sensors don’t recognize the individual moving throughout an environment, or if somebody is somewhere they aren’t authorized to be, such as spending too much time in a restricted access area. For this reason, Bastille could accurately be described as a hybrid between physical and cyber security - which also helps close some of the gaps between IT and OT security - as it enables behavioral analysis of individuals as well as the devices themselves.”


WHO THEY ARE: Headquartered in Tel Aviv, Illusive’s founder and CEO is Ofer Israeli, a former CheckPoint exec.

WHAT THEY DO: By creating a deceptive layer across the entire network — every endpoint, server, and network component — with an endless source of false information, Illusive Networks disrupts and detects breaches with real-time forensics and without interrupting business. Illusive Networks’ Attacker View enables enterprises, for the first time ever, to visualize attack vectors in real time. When combined with the Deceptions Everywhere technology, Illusive Networks offers a way to deceive Advanced Attackers and stop APTs.

WHAT’S HAPPENED OVER THE PAST YEAR: Israeli says, "It’s been a banner year for Illusive Networks. We’ve acquired global enterprise customers — growing from 35 to a total of 65 — with network deployments in the U.S., Europe and Asia. Illusive Networks is experiencing exceptional market demand as enterprises realize the effectiveness of our advanced deceptions approach in detection, ease of implementation, and inherent scalability, as opposed to honeypots that are failing to provide sufficient defense."

He adds, "Our Deceptions and Attacker View are deployed across leading financial institutions, insurance companies, retailers, law firms, healthcare providers, and energy and telecommunication companies."

Also, "We secured several strategic partnerships and extended our Series B funding to over $30M enabling us to expand sales and marketing, grow our engineering and support teams and continue to break new ground with our award-winning Deceptions Everywhere cybersecurity technology. Microsoft Ventures just announced their investment, joining the previous strategic investors Citi Ventures and Cisco Investments."

AWARDS: Finalist for MIT Sloan CIO Symposium’s Innovation Showcase, 2016 Cybersecurity Excellence Award Winner, CRN Emerging Vendors List, CIOReview’s 20 Most Promising Cyber Security Solution Providers 2016, 2016 ‘ASTORS’ Homeland Security Platinum Award Winner, named by SC Magazine as an Industry Innovator in Next-Generation Security Monitoring and Analytics.

WHAT THE ANALYSTS ARE SAYING: Says Frost & Sullivan analyst Mike Suby, “My perspective is that Illusive's distinctiveness is in its intuitive design and concentration on its Deception Everywhere approach. Think of it as tripwires at potentially every turn a hacker could possibly make in its effort to learn, collect, and laterally move around an enterprise's environment. This approach leads to detection speed and certainty, which in turn leads to high confidence and comprehensiveness in remediation responses. Low administrative effort, adaptiveness, and scalability further strengthen the Illusive value proposition.”


WHO THEY ARE: Co-founded by Amir Ben-Efraim (CEO) and Poornima DeBolle. Both worked at CheckPoint, Altor Networks, and then Juniper after it acquired Altor.

WHAT THEY DO: Menlo Security protects organizations from cyberattack by eliminating the threat of malware from web and email. Menlo Security’s cloud-based Isolation Platform easily scales to provide comprehensive protection across organizations of any size, without requiring end-point software or impacting end user experience. 

WHAT’S HAPPENED OVER THE PAST YEAR: Ben-Efraim says, "Menlo Security saw dramatic growth in 2016, expanding the community of end-users protected by Menlo’s Isolation Platform by over 50 times. We deployed our solution at scale in marquee accounts, with public references from JPMorgan Chase, Fujitsu, Macy’s and Internet Initiative Japan (leading Japanese Service Provider). Our employee count more than doubled in 2016, as we continue to invest heavily in delivering success and innovation to the hundreds of customers engaged with Menlo all around the world."

By the end of 2016, Menlo hit a milestone by signing up over 100 distribution, system integrator and reseller partners for our SafeToClick Global Channel Partner Program. Menlo also announced a partnership in April to integrate the Menlo Security Isolation Platform with Check Point’s Next-Generation Firewalls and vSEC Virtual Edition Gateways.

In September, Menlo announced a new product extending its isolation technology to prevent threats from targeted phishing attacks. Phishing Isolation stops email threats including malicious links, credential theft and weaponized attachments. Macy’s was an early customer for this new product. Also, JPMorgan Chase came on board last year as a strategic investor.

WHAT THE ANALYSTS ARE SAYING: According to Jeff Wilson, an analyst at IHS Markit, “Menlo rethought the web and email security problem. If web traffic and email attachments never even touch a user’s computer (opened and inspected in temporary sessions in the cloud), the issue of user training becomes largely irrelevant. Phishing attacks are getting more sophisticated, and even though every company does phishing training, credential theft still happens all the time. The difficult part is doing this without affecting the user’s experience with email or their web browser, which after using the solution a bit, they’ve done quite well. You’d never know when using the browser that you’re actually running what is essentially a secure remote desktop session.”


WHO THEY ARE: Founded in 2014 by Oliver Friedrichs and Sourabh Satish. Friedrichs founded Immunet, which was bought by Sourcefire, which Cisco later acquired. The management team includes many Sourcefire and Cisco veterans.

WHAT THEY DO: Phantom automates/orchestrates your existing security products to reduce the response and remediation gap caused by limited resources, increased threat surface and incidents, and the overwhelming complexity of your technology infrastructure.

WHAT’S HAPPENED OVER THE PAST YEAR: “Security automation and orchestration has become a top priority for organizations in 2016,” says Friedrichs. “After starting the year by winning the RSAC Innovation Sandbox competition, we’ve seen strong interest in our platform, our app ecosystem, and the automation playbooks our community has developed. The progress we’ve seen in 2016 proves that reducing time spent on tedious and repetitive tasks through orchestration is becoming a must-have means of increasing the capacity of security teams and driving consistency for more accurate results.”

The company has also received additional funding from In-Q-Tel Strategic Investment and Kleiner Perkins. And Phantom has more than doubled the number of employees to around 50.

AWARDS: SINET16, CRN’s 10 Coolest Startups, Dark Reading’s Best of Black Hat, GSN's Best Security Orchestration Solution

WHAT THE ANALYSTS ARE SAYING: Jon Oltsik, analyst at Enterprise Strategy Group, says, “According to the ESG 2017 IT spending intentions survey, 45% of organizations report that they have a ‘problematic shortage’ of cybersecurity skills. With regard to incident response, this means that they don’t have the staff size or skill set to detect and remediate security issues in a timely fashion. Since organizations can’t hire their way out of this problem, they need to rely on technology improvement and process automation to make the cybersecurity team more productive and effective at what they do. That’s why incident response automation and orchestration tools like Phantom will gain visibility and grow revenue in 2017. CISOs will turn to these tools so they can increase IR capacity, accelerate processes, and automate burdensome manual tasks.”
